lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150829020301.GM8051@wotan.suse.de>
Date:	Sat, 29 Aug 2015 04:03:01 +0200
From:	"Luis R. Rodriguez" <mcgrof@...e.com>
To:	Paul Moore <paul@...l-moore.com>
Cc:	"Roberts, William C" <william.c.roberts@...el.com>,
	David Woodhouse <dwmw2@...radead.org>,
	David Howells <dhowells@...hat.com>,
	Mimi Zohar <zohar@...ux.vnet.ibm.com>,
	Andy Lutomirski <luto@...capital.net>,
	Kees Cook <keescook@...omium.org>,
	"linux-security-module@...r.kernel.org" 
	<linux-security-module@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
	"james.l.morris@...cle.com" <james.l.morris@...cle.com>,
	"serge@...lyn.com" <serge@...lyn.com>,
	Vitaly Kuznetsov <vkuznets@...hat.com>,
	Eric Paris <eparis@...isplace.org>,
	"selinux@...ho.nsa.gov" <selinux@...ho.nsa.gov>,
	Stephen Smalley <sds@...ho.nsa.gov>,
	"Schaufler, Casey" <casey.schaufler@...el.com>,
	"Luis R. Rodriguez" <mcgrof@...not-panic.com>,
	Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Peter Jones <pjones@...hat.com>, Takashi Iwai <tiwai@...e.de>,
	Ming Lei <ming.lei@...onical.com>, Joey Lee <jlee@...e.de>,
	Vojtech PavlĂ­k <vojtech@...e.com>,
	Kyle McMartin <kyle@...nel.org>,
	Seth Forshee <seth.forshee@...onical.com>,
	Matthew Garrett <mjg59@...f.ucam.org>,
	Johannes Berg <johannes@...solutions.net>
Subject: Re: Linux Firmware Signing

On Fri, Aug 28, 2015 at 06:26:05PM -0400, Paul Moore wrote:
> On Fri, Aug 28, 2015 at 7:20 AM, Roberts, William C
> <william.c.roberts@...el.com> wrote:
> > Even triggered updates make sense, since you can at least have some form of trust
> > of where that binary policy came from.
> 
> It isn't always that simple, see my earlier comments about
> customization and manipulation by the policy loading tools.

If the customization of the data is done in kernel then the kernel
can *first* verify the file's signature prior to doing any data
modification. If userspace does the modification then the signature
stuff won't work unless the tool will have access to the MOK and can
sign it pre-flight to the kernel selinuxfs.

> > Huh, not following? Perhaps, I am not following what your laying down here.
> >
> >  Right now there is no signing on the selinux policy file. We should be able
> > to just use the firmware signing api's as is (I have not looked on linux-next yet)
> > to unpack the blob.
> 
> I haven't looked at the existing fw signing hook in any detail to be
> able to comment on its use as a policy verification hook.  As long as
> we preserve backwards compatibility and don't introduce a new
> mechanism/API for loading SELinux policy I doubt I would have any
> objections.

You'd just have to implement a permissive model as we are with the
fw signing. No radical customizations, except one thing to note is
that on the fw signing side of things we're going to have the signature
of the file *detached* in separate file. I think what you're alluding
to is the issue of where that signature would be stuff in the SELinux
policy file and its correct that you'd need to address that. You could
just borrow the kernel's model and reader / sucker that strips out the
signature. Another possibility would be two files but then I guess
you'd need a trigger to annotate both are in place.

  Luis
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ